Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security

4/30/2018
09:35 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Insider Threats Cost Enterprises More Than $8M Every Year – Report

Insider threats, whether it's an employee with malicious intent or a worker is simply careless, can cost enterprises more than $8 million over the course of 12 months to clean up, according to a new report.

Insider threats, whether it's an employee looking to steal data to sell or simply a case of worker carelessness or neglect, are costing enterprises more and more money every year to clean up, according to a new report.

Specifically, enterprises are spending on average about $8.76 million during the course of a 12-month period to clean up from the damage that an insider security threat can cause.

It usually takes about two months to clean up from one of these incidents.

These and other findings are contained in a report "2018 Cost of Insider Threats: Global Organizations," conducted by the Ponemon Institute and sponsored by ObserveIT, a startup that specializes in employee monitoring and behavior analytics software for enterprise.

The study, released on April 24, is based on interviews with 717 securities practitioners from around the world, who reported more than 3,200 insider incidents over the course of the past year.

While outsider attacks, such as Advanced Persistent Threats (APTs), which are usually conducted by nation-states involved in espionage, draw the most attention, the report is a reminder to enterprises that some of the biggest threats are lurking around the cubicle corner of every office. (See APTs Are Rising in the East, Kaspersky Finds.)

For instance, in the past week, SunTrust Bank of Atlanta has started an investigation into whether a former employee possibly took personal data from customers. Overall, the company had to notify about $1.5 million customers of the possible theft, and offer credit monitoring. (See SunTrust Investigation Shows Continuing Threats Posed by Insiders.)

Over the last two years, insider threat clean-up costs increased over 100% from $4.3 million to the $8.76 million figure found in the last report. (The original 2016 Ponemon report only included US costs, while the new one released this month included global numbers.)

Since 2016, Ponemon estimates that the number of security incidents involving employee or contractor negligence has increased by 26%. At the same time, malicious or criminal intent, like the possible theft SunTrust in investigating, increased by nearly 53%.

Despite the rise in malicious insider attacks, it's still the negligent insider who is the cause of most security problems, with 64% of incidents related to carelessness and 23% tied to nefarious activities.

"The careless insider is frequently caused by employees or contractors who are simply trying to bypass broken or undocumented business practices to better accomplish their task, without regard for the potential ramifications of exposing internal data in inappropriate ways," ObserveIT CEO Mike McKee wrote in an email to Security Now.

"The malicious insider, however, is actively working to better understand your internal cybersecurity defenses and processes and how best to bypass them in order to avoid detection/prevention," McKee added. "The result of the insider threat and ultimate costs (value of data, lost productivity, fines, etc.) are often more complex and much higher than the careless insider case."


The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth annual Big Communications Event. There's still time to register and communications service providers get in free!

The biggest problem with insider threats is the loss or theft of company credentials. In fact the number of these incidents has doubled over the past two years, increasing by a staggering 170%, according to Ponemon.

In addition, size matters. Enterprises with more than 75,000 employees spent $20 million over the last year to resolve insider security lapses. Those companies with less than 500 workers spent about $1.8 million.

McKee added that regulations, such as the European Union's General Data Protection Regulation (GDPR) and US privacy laws, are also increasing costs to enterprises when it comes to insider clean-up. (See GDPR Compliance: Enterprises Have Two Options to Consider.)

Unsurprisingly, financial services spent the most on average to fix insider problems. On average it cost these enterprises about $12 million to resolve. Energy and utilities spent about $10 million and retail shelled out $8.8 million.

Finally, the report notes that large businesses in North America spent on average about $11 million last year to resolve these issues. That's more than enterprises in Asia-Pacific -- $5.9 million -- and Europe and the Middle East -- $7 million.

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
Robert Lemos, Contributing Writer,  7/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internet—and What Your Organization Can Do About It
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4560
PUBLISHED: 2020-08-03
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2019-4589
PUBLISHED: 2020-08-03
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.
CVE-2020-4328
PUBLISHED: 2020-08-03
IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839.
CVE-2020-4377
PUBLISHED: 2020-08-03
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.
CVE-2020-4534
PUBLISHED: 2020-08-03
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbi...